LDAP login not working for UIM Secondary hubs

Document ID : KB000110136
Last Modified Date : 09/08/2018
Show Technical Document Details
Issue:
LDAP login is only working for Primary Hub .While the secondary hubs are configured for LDAP the same way as the primary is and the ACL's are there, LDAP users are not able to log into Infrastructure Manager from the secondary hubs
Environment:
UIM 8.4x
UIM 8.5x
Resolution:
It is not required to make LDAP settings on all the hubs for LDAP login in CA Unified infrastructure Management.
You can set Primary Hub as  the UIM Proxy Hub in your secondary hub LDAP settings
  • Open Secondary Hub probe GUI. 
  • LDAP settings: 
  • Nimsoft Proxy Hub 
  • Proxy LDAP Authentication 
  • Proxy Hub == <primary hub> 
uim_proxy_hub


You will have to set secondary hubs as LDAP 'proxy' hubs. You can do this on Linux or Windows hubs.

To do this, open the hub GUI on the hub in question and go to the Settings/LDAP tab like you normally would for configuring LDAP. 

On this screen set the radio button for "Nimsoft Proxy Hub" and then check the box for "Proxy LDAP Authentication". 

Now pull down the drop-down menu and locate the Primary Hub in the list. It will ask if you want to use this hub as a proxy hub - say yes then click OK and restart the hub. 

After this your LDAP requests will be forwarded to the primary hub which will in turn forward them to the LDAP server for authentication. 

To summarize the primay hub will have the LDAP authentication, and if authenticating onto a secondary hub, that hub will use the primary hub as an LDAP proxy hub, which is the normal configuration. 
Additional Information:

 

Hub IM GUI Reference

https://docops.ca.com/ca-unified-infrastructure-management-probes/ga/en/alphabetical-probe-articles/hub/hub-im-configuration/hub-im-gui-reference#HubIMGUIReference-LDAPAdvancedSettings